Beruflich Dokumente
Kultur Dokumente
21CFR PART-11
AN OVERVIEW OF 21 CFR PART-11 -
COMPILATION
AN OVERVIEW OF 21 CFR PART-11 -COMPILATION
Computer systems have revolutionized the way that we as everyday people go about our day.
Whether it is a smartphone in our pocket with the latest apps, a tablet device in our lab or a
desktop computer in our office, using technology has, and will continue to have a positive impact
on productivity and efficiency – that’s just a fact.
With the way that we consume information today and the non-flinching adoption of new devices
and technology, it just seems natural that we use these systems to manage records electronically in
place of paper records. As the phrase goes, “with great power, comes great responsibility.” The
same can be said for computerized systems in regulated industries.
In this article we take a deeper look at the FDA 21 CFR Part 11 Regulations, and why they are so
important in today’s life science environment.
Part 11, as it’s commonly called, defines the criteria under which electronic records and electronic signatures are
considered to be accurate, authentic, trustworthy, reliable, confidential, and equivalent to paper records and
handwritten signatures on paper. Currently, the scope of this regulation is all FDA program areas.
In August 2003, the FDA published FDA Guidance for Industry Part 11, Electronic Records; Electronic Signatures —
Scope and Application, which describes how Part 11 should be implemented and how the FDA would enforce the
regulation. These guidelines acknowledged that the need for security measures was not the same for every piece of
electronic information. It also introduced the concept of risk analysis and promoted the formal process of risk
assessment to determine appropriate security measures.
The regulation has never been fully enforced, but in July 2010 the FDA announced that it will begin conducting audits
to ensure understanding of and compliance with Part 11 as an element of routine quality inspections.
The Regulation
Part 11 can be sub divided into the following sections:
11.1 Scope;
11.2 Implementation;
Page 2 of 11 Varadharaj. Vijayakumar
E-Magazine-“2” 10/21/2017
11.3 Definitions;
Electronic Records
Electronic Signatures
Electronic Record: Any combination of text, graphics, data, audio, or pictorial information represented in digital form
that is created, modified, maintained, archived, retrieved or distributed by a computer.
Electronic Signature: A compilation of any symbol(s) executed to be the legally binding equivalent of an individual’s
handwritten signature.
Handwritten Signature: The scripted name or legal mark of an individual handwritten by that individual and
executed or adopted with the present intention to authenticate a writing in a permanent form.
Digital Signature: An electronic signature based upon cryptographic methods of originator authentication, computed
by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be
verified.
By introducing the 21 CFR Part 11 rule, the FDA have essentially enabled the Life Science community and other
FDA regulated industries to streamline business processes, reduce turnaround time and costs, all by establishing
standard criteria for the use of electronic records and signatures. If it were not for this rule, we would be unable to
There are three main areas in which FDA regulated companies must look at as primary areas of focus when dealing
with 21 CFR Part 11:
Features of Your System - In accordance with 21 CFR Part 11 there are a range of features that you are required to
have in place when implementing a computer system to manage electronic records and processes. Assurances for audit
trail functionality, electronic signatures, security and data integrity, records retention and file formats are to name but a
few.
Standard Operating Procedures - As with all regulated industries, the companies that operate within them use
Standard Operating Procedures (SOP’s) to govern and describe how they are to do things. Currently in accordance
with Part 11, there are around 9 IT SOP’s needed to address the IT Infrastructure requirements.
System Validation – When implementing an electronic system for the use in regulated activities, you have to ensure
that you document that the electronic system is fit for its intended use. In other words, demonstrate that your system
does what it should do. You must also have controls in place that allow you to identify when the system doesn’t
function as per its intended use. Here you should be utilizing your SOP’s and industry best practices (such as outlined
in GAMP 5) to facilitate the validation process.
An overview of the absolutely essential SOPs that you will need to have in place to meet the
procedural control requirements of 21 CFR Part 11 Electronic Records.
1. System Maintenance SOP: The system maintenance SOP should describe the controls that you have in place to
ensure that appropriate maintenance on your system is carried out in a controlled way, and on a regular basis.
Typically you should look to include a maintenance schedule, with links to your Change Control SOP. Your
System Maintenance SOP should describe the system monitoring procedures that you have in place, as well as a
clear definition of your process for decommissioning systems. Make sure you outline your approach to ensure the
integrity of any data contained within the systems.
2. Physical Security SOP: Physical security focuses on controls that you have in place to secure access to your
premises. These controls could include things like management of key cards and codes, the management of your
building alarm system and intrusion control etc. Physical security should also reference the environmental
controls in place to protect your data installations; such as fire detection and suppression, temperature and
humidity controls and so on.
> Include the printed name of the signer, the date/time the signature was applied, and the meaning of the electronic
signature.
> Be included in human readable form of the record. Electronic signatures must not be separable from their record.
> Must be unique to a single user and not used by anyone else.
> Can use biometrics to uniquely identify the user. If biometrics are not used, they need at least two distinct identifiers
(for example, the user ID and a secret password).
3. Validation should include application-specific functions as well as functions related to Part 11, electronic
audit trail and electronic signatures
True OR False
4. As per Part 11, the procedures are not require to limit the access to authorized users
True OR False
5. Part 11 must be applied to keep electronic records even it is older than 1997
True OR False
6. If you use a computer system to satisfy any predicate rule requirement – 21 CFR Part 11 will apply
True OR False
7. Email software and Microsoft office are the best example of Open system
True OR False
8. Each electronic signature shall be unique to one individual and shall be reused by, or reassigned to, anyone
else.
True OR False
11. Enforce Strict Security Measures and Ensure Data Transfer Is Secure are the key factors for 21 CFR Part 11
compliance
True OR False